Struct itsdangerous::UnverifiedValue

pub struct UnverifiedValue<'a, T> { /* private fields */ }

An UnverifiedValue is just that. A deserialized value that has not been verified against against a signer. This is useful if you want to deserialize something without verifying the signature, because you might need data in the unsigned value in order to look up the signing key in a database somewhere.

Example

use itsdangerous::*;

// One could imagine this looking up a signing key from a databse or something.
fn get_signing_key(user_id: u64) -> &'static str {
    match user_id {
        1 => "hello",
        2 => "world",
        _ => panic!("unexpected user {:?}", user_id)
    }
}

fn get_serializer(user_id: u64) -> impl Serializer + AsSigner {
    serializer_with_signer(default_builder(get_signing_key(user_id)).build(), URLSafeEncoding)
}

// Let's create a token for a user with id 1.
let token = get_serializer(1).sign(&1).unwrap();

// Now, let's say we've gotten that token from somewhere. We need to deserialize it, in order
// to determine the signing key to use. `from_str` will fail if deserialization fails, not if
// the signature is invalid.
let unverified_user_id = UnverifiedValue::<u64>::from_str(Separator::default(), URLSafeEncoding, &token).unwrap();
let serializer = get_serializer(*unverified_user_id.unverified_value());
// We can now attempt to verify the token with a given serializer.
assert_eq!(unverified_user_id.verify(&serializer).unwrap(), 1);

Implementations

impl<'a, T: DeserializeOwned> UnverifiedValue<'a, T>

pub fn from_str<TEncoding: Encoding>(
    separator: Separator,
    encoding: TEncoding,
    input: &'a str
) -> Result<Self, BadSignature<'_>>

pub fn unverified_value(&self) -> &T

pub fn verify<TSigner: AsSigner>(
    self,
    signer: &TSigner
) -> Result<T, BadSignature<'a>>